IT Companies Get a Chance to Weigh in on New Legislation Wording
The Digital Privacy Act that was passed into law in June 2015, resulted in amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Now, ten months later, the Government of Canada has given the opportunity to companies providing IT support Toronto and MSP’s across the country, to weigh in on specific regulatory language that will determine how the new law works out in practicality.
As it now stands, the Digital Privacy Act says that companies suffering “breaches of security safeguards” that have the potential of a “real risk of significant harm” to the owners of the information affected, will be required to notify the federal privacy commissioner of the breach.
The challenge comes in crafting regulations derived from the law in language that is unambiguous and executable. Some of these challenges are:
- What constitutes “Significant Harm”?
- How much information does the notification (to the government and individuals/organizations affected) have to contain?
- Which breaches rise to the level of necessitating a report to the federal privacy commissioner and notifying those whose information is affected?
- Who makes the determination of what breaches fall into the “Significant Harm” category?